Validation Scoring Logic Ignores validationDeviationFactor
Summary
The contract defines two deviation factors, validationDeviationFactor and generationDeviationFactor, to filter scores during validation and generation reward calculations. However, only generationDeviationFactor is applied in finalizeValidation when calculating valid scores, while validationDeviationFactor is unused. This oversight may lead to inconsistencies in reward distributions and biased scoring, as validations are not filtered based on the expected deviation threshold.
Vulnerability Details
While generationDeviationFactor is effectively applied in calculating valid score ranges for generators, validationDeviationFactor is absent from the validation reward computation:
The logic above uses only _mean and _stddev to validate scores. To ensure that validators are within a specific deviation range, validationDeviationFactor should also be factored into the range calculation
Impact
Validators are rewarded based on a stricter threshold than configured, potentially excluding valid scores that would fall within the intended deviation range if validationDeviationFactor were applied.
Tools Used
Manual
Recommendations
To ensure that validators are rewarded consistently, apply the validationDeviationFactor when evaluating valid validation scores.
if ((score >= _mean - validationDeviationFactor * _stddev) && (score <= _mean + validationDeviationFactor * _stddev)) {
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.